A recent study has found that 93% of CIO's that were polled were clueless on their Section 404 compliance responsibilities of Sarbanes-Oxley.
"What they've failed to recognize is that 30-40% of a corporation's internal controls over financial reporting are information technology specific and that CIOs and other senior IT executives have a significant role in the process," he continued. "As a result, most corporate IT executives remain in the dark about their full responsibilities, even at this late stage, placing their companies at serious risk for failure. In fact, under the guidelines, if a company's CIO does not understand Sarbanes-Oxley Section 404 requirements, that alone demonstrates a deficiency in the control system."
Sarbanes-Oxley requires issuers of financial instruments in the U.S. - including all public companies whose shares trade on U.S. stock exchanges - to identify their significant financial accounts, the business processes that support those financial accounts and the applications and IT systems that support those business processes. Companies must then document and test the adequacy and effectiveness of controls at the financial reporting level, the application level, the IT infrastructure level and the IT management level. The deadline for the majority of public companies for Section 404 compliance is December 31, 2004 .